archTIS takes collaborative approach to trusted information sharing

The company is chaired by Australia's former defence and foreign affairs minister Stephen Smith.

BigPicture

archTIS became part of an international effort to solve an information sharing challenge. Picture: Michael Foran

archTIS Ltd (ASX:AR9) has its origins in Australia’s national government response to the 9/11 attacks in the US and is following a path towards commercialising its platforms for trusted digital information sharing in government.

The founders of archTIS were inspired by the outcomes of the World Trade Center attack and what the 9/11 Commission described as a generational challenge to show unity of effort by sharing information.

The US Senate’s National Commission on Terrorist Attacks Upon the United States highlighted more lives could have been saved by increased information sharing over national borders, across government and between intelligence agencies.

More than 17 years on from the horror of September 11, 2001, the need to share classified information over trusted platforms is as relevant as ever.

Lai said, “It’s really relevant now. It’s in the paper every day … what we are trying to solve is overwhelming.

“The 9/11 attacks … the issues of China and Department of Defence, Austal and the supply chain, Cathay Pacific – the critical thing to note is the overwhelming demand we’re trying to address to pursue (this) information sharing challenge.”

The Canberra-based information security company started out as BSTTech Consulting Pty Ltd in 2006, two years on from the final 9/11 Commission Report.

BSTTech later changed its name to archTIS, an acronym that can be expanded to architected, trusted information sharing.

Facilitating trusted information sharing is archTIS’ core business.

The company’s MD noted the 9/11 Commission’s review of the circumstances around the attacks in 2001 had returned two key findings of interest to the company’s founders, Bruce Talbot, Phillip Dean and himself.

He explained, “The US Senate Commission came out with a number of findings which were, to us, fundamentally interesting business problems to solve but, more importantly, essential business problems to solve because they impacted on human life.

“First and foremost the intelligence agencies that were responsible for protecting US citizens from these types of events had fundamentally failed to share information between themselves and also didn’t have the infrastructure to share information.

“The US Senate Commission found that they could have mitigated that event from occurring, that they had enough information that if they’d shared it and operated on it jointly, they could’ve prevented the incident from happening.”

A second finding came down to one of the most fundamental aspects of human relationships, trust.

Lai said, “The second finding out of that incident was that if the emergency services had shared information between themselves they could’ve saved a lot more lives than they did.

“So out of that whole tragic event came this issue of ‘how do we share information, what are the inhibitors to sharing information’?”

Trust plays a role.

Lai said, “The number one inhibitor to sharing of that information was actually trust.

“We didn’t trust each other enough to share that information, we didn’t think there was a need to know versus a need to share.

“And that was the paradigm change that really happened in the aftermath of that event.”

The US Government, led by then-president George W Bush, established the Department of Homeland Security in 2002, as part of its response to 9/11.

Australia’s government agencies, including archTIS’ cornerstone client Department of Defence, also implemented changes as the nation became closer to the US.

Lai said, “John Howard, who was in the US at the time, became very close to George W Bush, and Australia and America started planning the war on terror.

“And that meant that they needed to share highly classified information.

“As these programs grew, Australia needed desperately a means to share and collaborate on highly-classified information and that’s where we came in.

“We delivered the first secure content collaboration platform accredited to top secret by the US and the Australian government to host that information.”

archTIS delivered the bespoke system now in its third version in 2006, seeing it put it into production in 2007.

Kojensi Gov

The Konjenski Gov information sharing platform that archTIS is commercialising was built on top of the solution used inside of Defence.

archTIS plans to host Kojensi Gov on its partner Vault System’s Australian Signals Directorate-certified cloud platform for government clients.

Kojensi allows for communication and collaboration between select personnel in an agency, or across agencies.

System users can be granted differential access to different versions of a document in line with their respective security clearances.

Lai said, “The paradigm change was we built security into the base of the system and then built how people collaborate and use that information on top of it.

“It was fundamentally put down at the base and not added on as an afterthought afterwards.”

Kojensi is also an ecosystem for collaboration and sharing in a variety of high-security and low-security environments.

For example, a person allowed to see restricted or highly-classified information could view that information over a secure network, but if accessing the internet from an open WiFi network could not see the restricted information at that time, on that device.

Collaborators using the system can share documents, comment on them and work simultaneously as they focus on being productive while keeping security in mind.

Kojensi Gov’s unique security model enables government agencies to share and collaborate on their information while meeting regulatory, security and sovereign compliance requirements.

Lai explained, “We had to come up with a new security model to emulate the way that people produced, consumed, shared information and we utilised a framework called attribute data-access control to do that.

“The difference between the current ways of doing it, which is roles and proofs, is that they had two attributes, your role and your proof.

“When you want to go fine grain, when you want to understand your nationality, who you work for, your security clearance, whether or not you should be allowed to see that brief, what is your role in the operation, what don’t you need to know, which devices you’re seeing on, all of a sudden you have a whole range of attributes which need to be made compliant with.

“(They also need to be) flexible and agile to suit the person, of how they use that information and access that information.”

Trust came into play again.

Lai said, “The security model’s the first differentiator and the second differentiator is how we solved trust in that.

“Trust is in a human being is not a technology and what we learned here was that if somebody wishes to share information which is of high value to them, they don’t just want to hand it over to someone who then has access to it and can do with it whatever they want.

“They still want to maintain control of that information when they share it. If I share my information with you, I set the terms and conditions of how you can use that information.

“Let’s say I share a piece of information with you and I say to you that you’re not allowed to pass that information on to anybody else – it can’t leave this space that I control and only you can access it.

“Say I’m in the Qantas Club and I log into the Qantas network and it’s a publicly-open network, it’ll automatically say this is an untrusted network, you can only see unclassified information.

“But if I walk into a secure location it can generate it to secret.

“That has huge implications for how we apply security, and compliance, and present information in a certain context, depending upon your contextual view.”

Konjenski Gov will be beta-tested at the Australian Attorney-General Department from this month after it was launched in alpha form at the Technology in Government Conference in the Australian Capital Territory in August 2018.

The beta-testing period will last about 12 weeks before an expected commercial launch of the product.

Lai said the company remained on track for a commercial launch of Konjenski Gov in the March 2019 financial quarter.

A cybersecurity consultancy to government for many years, archTIS expects to add additional clients to its Kojensi Gov user base after making 38 demonstrations on the back of its alpha launch at TIGC in Canberra.

Some potential end-users see the product as an alternative to the ubiquitous TRIM records management software now known as Micro Focus Content Manager

Lai was encouraged by the interest generated at TIGC last year, saying, “In all my years of working in the IT industry it was the first time that I’d ever seen people from government agencies on the first day seeing it and then coming back the next day with other people from their agencies saying ‘oh you’ve gotta see this’.

“We got an overwhelming response.”

Besides Defence and the Attorney-General’s Department, the Australian departments of Finance, and Foreign Affairs and Trade (DFAT) have been archTIS clients.

Building revenues

archTIS is a newcomer to the Australian Securities Exchange, listing on the Australian market in September 2018.

It was upfront during its initial public offering campaign, rattling the tin to raise funds to commercialise Kojensi products.

Investors responded, subscribing to $8 million of new shares, with the funds now being deployed in the commercialisation of the platform.

Writing results

The company has built up its revenues since listing on the ASX.

It increased revenues by $103,000, or 19.75%, in the September 2018 quarter, when compared to the $574,000 revenues it wrote in the full 2017-18 financial year.

archTIS has reported its strategy to “maximise revenue growth is to focus on its next generation of cloud-based Kojensi products which will see customers pay per user per month.”

The company held $7.63 million on September 30, 2018.

People power

archTIS executive director Bruce Talbot founded the company in 2006, with now-MD Daniel Lai and principal consultant Phillip Dean coming on board in 2006-07.

A computer security systems specialist, Talbot spent 20 years with Australian Defence Force and 20 years more years with organisations such as the Australian Federal Police, Airservices Australia corporation, CA Technologies and Hitachi Vantara Australia Pty Limited.

Lai had extensive experience in senior management roles, previously leading a single information environment initiative for the Department of Defence and enterprise change as a service delivery manager at Australian Customs and Border Protection Service.

He joined archTIS early on in its history, heading up operations and sales before becoming managing director.

Dean was the inaugural chairman at archTIS after previously working in information technology at BHP.

Former Labor party federal politician Professor Stephen Smith joined the board in March 2018 as chairman of the company.

The University of Western Australia international law professor and former Member for Perth had a 20-year career in politics, serving as both as defence minister and foreign affairs minister.

archTIS’ strategic partner Vault has had the backing of a number of other high-profile former secretaries to government who have sat on the private company’s board since November 2017.

Former finance and health secretary Jane Halton became chairwoman of Vault while former defence and DFAT secretary Dennis Richardson joined as a non-executive director.

Richardson was previously security director-general at the Australian Security Intelligence Organisation (ASIO) and an Australian ambassador to the US in the years following the 9/11 report.

Vault was founded by former JN solutions chief executive officer Rupert Taylor-Price who also welcomed Moelis Australia Ltd (ASX:MOE)’s Moelis Australia Government Infrastructure Fund as a major investor in November 2017.

Capital structure

archTIS has a tight capital structure with its top 20 shareholders holding 63.89% of the company on September 20, 2018.

The Trust Company (Australia) Limited was the largest shareholder, holding 10.03%, while Cyber Security Investment Partners Pty Ltd was the second largest (9.9%), with HSBC Custody Nominees (Australia) Limited in third place (7.17%).

Founder Talbot and CEO Lai each had 5.88%, as did Possum Hill Pty Ltd, to round out the top six.

Also among the mix was J P Morgan Nominees Australia Limited with 1.98%, as the company’s ninth largest shareholder.

Partners:

Tech Capital, a subsidiary of Proactive Investors, acts as the vanguard for
listed tech companies to interact with
institutional and highly capitalised investors. Headquartered in London, Tech Capital is led by a team of Europe's
leading analysts and journalists, publishing daily content, covering all key movements
in the Technology market.